[German]Microsoft is making another attempt to explain and familiarize administrators and users with the monthly update cycles for Windows 10. Some things were new for me, some words are sounding a a joke /slapstick in retrospect of July 2018 patches.
Anyone who deals with updates for Microsoft products actually knows that the first Tuesday of the month does bring non-security updates for Office. On the second Tuesday of each month there is the patchday, which brings security updates for Microsoft products. Then there will be preview rollup updates for Windows 7/8.1 and on 3rd Tuesday of each month. And it may be that none of the above is true, because Microsoft cancels updates on patchday, or rolls out the updates a few days later or simply rolls out re-releases of updates several times a month.
For Windows 10 I thought: Updates are usually cumulative and come on patchday (2nd Tuesday of the month) and also in between. As a private user or administrator you can’t really control much without WSUS or SCCM.
Because it has been repeatedly asked by administrators and users, John Wilcox from Microsoft has thankfully written the article Windows 10 update servicing cadence. Within this article, John Wilcox talks about the principle Microsoft is using to enroll updates.
- Be simple and predictable. IT managers should be able to plan for a simple, regular and consistent patching cadence. You shouldn’t need to stop what you’re doing to test and deploy an update. You should be able to plan a time, well in advance, to work on new updates. You also shouldn’t have to memorize multiple release schedules; the Windows release cadence should align with that of other Microsoft products.
- Be agile. In today’s security landscape, we must be able to respond to threats quickly when required. We should also provide you with updates quickly without compromising quality or compatibility.
- Be transparent. To simplify the deployment of Windows 10 in large enterprises or small businesses, you should have access to as much information as you need, and you should be able to understand and prepare for updates in advance. This includes guides for common servicing tools, simple release notes, and access to assistance or a feedback system to provide input.
Then Wilcox explains the update types for Windows 10. What’s new for me: Also Windows 10 is getting ‘Preview’ Rollups as a test for the upcoming month’s patchday.
- At times referred to as our “B” release, Update Tuesday (most often referred to as Patch Tuesday) updates are published the second Tuesday of each month. These updates are the primary and most important of all the monthly update events and are the only regular releases that include new security fixes.
- An out-of-band release is any update that does not follow the standard release schedule. These are reserved for situations where devices must be updated immediately either to fix security vulnerabilities or to solve a quality issues impacting many devices.
- The “C” and “D” releases occur the third and fourth weeks of the month, respectively. These preview releases contain only non-security updates, and are intended to provide visibility and testing of the planned non-security fixes targeted for the next month’s Update Tuesday release. These updates are then shipped as part of the following month’s “B” or Update Tuesday release.
The details may be read here, but frankly spoken, I don’t feel, that this update cadence is ‘simple and predictable’. For example:
- … for the latest version of Windows 10, we typically release the majority of non-security updates the fourth week of every month, two weeks after the last Update Tuesday and two weeks before the next, in a “D” release.
- For older versions of Windows 10 (as well as supported versions of Windows 7 and Windows 8.1), we sometimes release updates during the third week with a “C” release to provide you with extra time to test your legacy systems. In addition, as a new feature release draws near, we shift the current release to the “C” week, since there are fewer fixes and improvements necessary on the current version.
A lot of conditions, so an administrator has to check, which of his systems falls into the first or second category. Also the wording:
‘Having just a few updates to test on the “C” week and none on the “D” week gives you the chance to concentrate on other responsibilities and frees up time for when the next semi-annual update arrives. In most cases, “C” and “D” releases do not need be deployed to your broader device ecosystem. Instead, you can use these releases to identify any issues that could impact your next “B” deployment and provide feedback. This helps you get a head start on testing and understanding the potential impact of updates and gives you a chance to provide suggestions before those updates are officially released, providing a smoother and more tailored experience when the “B” release comes around.’
sounds to me like a joke. Well, I know, in business environments administrators may use group policy settings to block an update auto-install or defer non-security update. Also updates may be distributed selectively in WSUS or SCCM to Windows 10 clients. But my observation is, that administrators in business environments has enough to do, to handle regular security updates. There is no spare time to run intensive tests for preview group C and D updates.
And all systems without those infrastructure/settings – and all consumer Windows 10 systems – will install all pending updates automatically. Or in other words: The C and B preview updates for Windows 10 will be installed automatically – so consumers and small business systems without WSUS are the guinea pigs for testing the water. Or what is your opinion?
Addendum: Just got a comment from a German blog reader with the following content (I’ve translated it, to allow a discussion here).
What John Wilcox from Microsoft writes is not (yet) true. I’m not aware that Microsoft would have rolled out C and D updates but Out of Band because of fixes for fixes.
If they introduce preview updates *** I’m out, because these ruin the possibility of automatic approval in WSUS even before Windows 10 / 2016 because they do not belong to a separate category.
BTW: What was the credo of Microsoft’s guide lines? Be simple and predictable – and Be transparent. Currently I’m just confused and I’ve posted a comment under Microsoft’s article (the comment has vanished).